37c62007091add9a17fb38c0db96aef01d04715b5731fe94a6a02a155585d6d2

Analysis

max time kernel
45s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 07:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

37c62007091add9a17fb38c0db96aef01d04715b5731fe94a6a02a155585d6d2.exe
Size

2.2MB
MD5

1ed2ceb80f267692c185edafff8b9e94
SHA1

7e08bf5b548111f0632d6397b3112882e61cce19
SHA256

37c62007091add9a17fb38c0db96aef01d04715b5731fe94a6a02a155585d6d2
SHA512

3e0b78934d2408b1d1687b7b3bae77c5f0ffd6c907900cac741b90f12dfa9414b071664d736abb56536c914dfbd7d3670025359cef05a5ad310e48642bcd5185
SSDEEP

24576:yzfwwRIwz9G3mpks6a/+CAWnTfj7RgIKUq9rBVmOfb0E4s8Oa2YD37ZyATGrJqpV:yfIwU2ks6DWAuOlV8bxD37cAT3LeM

Score

7^/10

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 1 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	37c62007091add9a17fb38c0db96aef01d04715b5731fe94a6a02a155585d6d2.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 8 IoCs

pid	Process
1008	37c62007091add9a17fb38c0db96aef01d04715b5731fe94a6a02a155585d6d2.exe
1008	37c62007091add9a17fb38c0db96aef01d04715b5731fe94a6a02a155585d6d2.exe
1008	37c62007091add9a17fb38c0db96aef01d04715b5731fe94a6a02a155585d6d2.exe
1008	37c62007091add9a17fb38c0db96aef01d04715b5731fe94a6a02a155585d6d2.exe
1008	37c62007091add9a17fb38c0db96aef01d04715b5731fe94a6a02a155585d6d2.exe
1008	37c62007091add9a17fb38c0db96aef01d04715b5731fe94a6a02a155585d6d2.exe
1008	37c62007091add9a17fb38c0db96aef01d04715b5731fe94a6a02a155585d6d2.exe
1008	37c62007091add9a17fb38c0db96aef01d04715b5731fe94a6a02a155585d6d2.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	37c62007091add9a17fb38c0db96aef01d04715b5731fe94a6a02a155585d6d2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	37c62007091add9a17fb38c0db96aef01d04715b5731fe94a6a02a155585d6d2.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1008	37c62007091add9a17fb38c0db96aef01d04715b5731fe94a6a02a155585d6d2.exe

C:\Users\Admin\AppData\Local\Temp\37c62007091add9a17fb38c0db96aef01d04715b5731fe94a6a02a155585d6d2.exe
"C:\Users\Admin\AppData\Local\Temp\37c62007091add9a17fb38c0db96aef01d04715b5731fe94a6a02a155585d6d2.exe"
1⤵
- Checks BIOS information in registry
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Enumerates system info in registry
- Suspicious use of SetWindowsHookEx
PID:1008

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1008-54-0x0000000000400000-0x0000000000637000-memory.dmp

Filesize
2.2MB

Download
memory/1008-56-0x0000000075ED0000-0x0000000075F17000-memory.dmp

Filesize
284KB

Download
memory/1008-462-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-465-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-466-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-464-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-463-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-468-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-471-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-470-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-472-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-473-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-469-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-467-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-474-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-476-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-475-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-477-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-480-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-478-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-479-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-524-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-523-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-522-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-521-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-520-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-519-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-518-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-517-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-516-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-515-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-514-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-513-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-512-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-511-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-510-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-509-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-508-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-507-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-506-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-505-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-504-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-503-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-502-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-501-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-500-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-499-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-498-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-497-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-496-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-495-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-494-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-493-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-492-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-491-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-490-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-489-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-488-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-487-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-486-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-485-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-484-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-483-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-481-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-482-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-1331-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-1332-0x0000000002810000-0x0000000002991000-memory.dmp

Filesize
1.5MB

Download
memory/1008-3492-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download
memory/1008-3977-0x00000000026D0000-0x00000000027D0000-memory.dmp

Filesize
1024KB

Download
memory/1008-4484-0x0000000002AC7000-0x0000000002AC9000-memory.dmp

Filesize
8KB

Download
memory/1008-4482-0x0000000002AC7000-0x0000000002AC9000-memory.dmp

Filesize
8KB

Download
memory/1008-5277-0x0000000002BE0000-0x0000000002CE1000-memory.dmp

Filesize
1.0MB

Download
memory/1008-5278-0x00000000029A0000-0x0000000002A41000-memory.dmp

Filesize
644KB

Download
memory/1008-5279-0x0000000000671000-0x000000000068E000-memory.dmp

Filesize
116KB

Download
memory/1008-5280-0x0000000000400000-0x0000000000637000-memory.dmp

Filesize
2.2MB

Download
memory/1008-5281-0x0000000002AC0000-0x0000000002BD1000-memory.dmp

Filesize
1.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads